Pc very slow HijackThis Log attached


  • This topic is locked
18 replies to this topic

#1 mardoom

Posted 15 February 2012 - 02:03 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:02:05 م, on 15/02/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Program Files\Zain Connect\Zain Connect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [Sys32] c:\WINDOWS\Sys32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B83027C-CEA2-4CB8-BBAB-6E0DBD820784}: NameServer = 10.0.1.132 10.0.1.133
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 6218 bytes

#2 gringo_pr

Posted 15 February 2012 - 02:36 PM

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 mardoom

Posted 16 February 2012 - 03:03 PM

Hi Gringo
Here are The Logs


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0
Run by Artia at 22:49:33 on 2012-02-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.20.1033.18.2039.1254 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\alg.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\spool\drivers\w32x86\3\fppdis3a.exe
C:\Windows\Sys32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs5\Bridge.exe" -stealth
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [pdfFactory Pro Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM
mRun: [Sys32] c:\windows\Sys32.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\artia\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\artia\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\artia\appdata\roaming\mozilla\firefox\profiles\rqcakms6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_183.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-1-25 85768]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 361000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-2-1 253600]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-12-10 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-12-10 208896]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-28 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-28 208944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-9-16 15872]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-16 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-14 1343400]
.
=============== Created Last 30 ================
.
2012-02-15 20:11:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 20:11:03 141112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-02-15 20:11:02 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-02-15 20:11:02 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-15 20:11:00 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-15 20:10:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-02-15 20:10:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-15 20:01:38 388096 ----a-r- c:\users\artia\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-15 20:01:36 -------- d-----w- c:\program files\Trend Micro
2012-02-15 19:59:28 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a49cd07d-b885-483f-8d68-9da9dbaba1c3}\mpengine.dll
2012-02-15 19:49:41 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 19:49:30 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 19:49:27 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 19:49:23 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-09 08:01:01 -------- d--h--w- c:\windows\PIF
2012-02-02 19:00:03 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-02 19:00:03 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-02 13:20:24 -------- d-----w- C:\بوابة الشروق ترصد المواقف السياسية لأحداث مباراة الأهلي وبورسعيد لحظة بلحظة - بوابة الشروق_files
2012-02-02 13:02:01 572928 ----a-w- c:\windows\Sys32.exe
2012-02-01 19:38:14 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-01-26 11:00:39 70656 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{DB69CF0B-B4DC-4BB6-9788-870ECBEA41DA}-eapytp.pif
2012-01-26 11:00:33 70656 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{B52D554B-C9CC-476D-B087-CFB0B9F856D5}-ghsx.pif
2012-01-26 10:59:31 70656 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{CE308CCB-A163-4BB8-86D1-04512371B33B}-eapytp.pif
2012-01-26 10:59:30 70656 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{352B43FF-60E0-4424-90A6-8970A24E7B9E}-ghsx.pif
2012-01-26 10:57:48 1821008 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{6BE7F334-C6CE-4522-8647-41DAE058BA11}-Instmsiw.exe
2012-01-26 10:57:47 200704 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{B9BF587E-6191-400E-8066-33D32FDB22C1}-Setup.exe
2012-01-26 10:57:40 70656 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{7867DC6B-34FA-4351-8F99-14226378C4F5}-eapytp.pif
2012-01-26 10:57:40 70656 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{3E4B31F6-DB1C-4C62-8847-DF6DEF624F90}-ghsx.pif
2012-01-25 12:08:33 26112 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{1C73337C-8E53-4DA6-B8DC-4D3349A9E984}-GAXEE .EXE
2012-01-25 12:07:34 26112 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{3B670AFC-A775-47E3-A2B3-0C36EF2D1A84}-A0003761.EXE
2012-01-25 12:07:24 26112 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{528E0AA6-E8A4-4F2D-8F61-40D57040CF00}-GAXEE .EXE
2012-01-22 21:57:04 -------- d-----w- C:\New folder (2)
2012-01-20 12:30:22 -------- d-----w- c:\users\artia\appdata\roaming\Malwarebytes
2012-01-20 12:29:47 -------- d-----w- c:\programdata\Malwarebytes
.
==================== Find3M ====================
.
2012-02-01 19:38:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-11-19 14:01:00 67072 ----a-w- c:\windows\system32\packager.dll
.
============= FINISH: 22:52:02.30 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 14/09/2011 01:57:24 ص
System Uptime: 16/02/2012 10:47:42 م (0 hours ago)
.
Motherboard: Hewlett-Packard | | 09F0h
Processor: Intel® Pentium® 4 CPU 3.20GHz | XU1 PROCESSOR | 3200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 117 GiB total, 61.523 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 88.684 GiB free.
E: is FIXED (NTFS) - 98 GiB total, 76.016 GiB free.
F: is FIXED (NTFS) - 153 GiB total, 124.02 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl51e3af43
Device ID: ROOT\LEGACY_MPKSL51E3AF43\0000
Manufacturer:
Name: MpKsl51e3af43
PNP Device ID: ROOT\LEGACY_MPKSL51E3AF43\0000
Service: MpKsl51e3af43
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl5ed540fb
Device ID: ROOT\LEGACY_MPKSL5ED540FB\0000
Manufacturer:
Name: MpKsl5ed540fb
PNP Device ID: ROOT\LEGACY_MPKSL5ED540FB\0000
Service: MpKsl5ed540fb
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl693869aa
Device ID: ROOT\LEGACY_MPKSL693869AA\0000
Manufacturer:
Name: MpKsl693869aa
PNP Device ID: ROOT\LEGACY_MPKSL693869AA\0000
Service: MpKsl693869aa
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: USBSTOR\CDROM&VEN_HUAWEI&PROD_MASS_STORAGE&REV_2.31\8&B397DC6&2
Manufacturer: (Standard CD-ROM drives)
Name: HUAWEI Mass Storage USB Device
PNP Device ID: USBSTOR\CDROM&VEN_HUAWEI&PROD_MASS_STORAGE&REV_2.31\8&B397DC6&2
Service: cdrom
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl761fbc50
Device ID: ROOT\LEGACY_MPKSL761FBC50\0000
Manufacturer:
Name: MpKsl761fbc50
PNP Device ID: ROOT\LEGACY_MPKSL761FBC50\0000
Service: MpKsl761fbc50
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&1D02705E&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&1D02705E&0
Service: i8042prt
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl03a95a80
Device ID: ROOT\LEGACY_MPKSL03A95A80\0000
Manufacturer:
Name: MpKsl03a95a80
PNP Device ID: ROOT\LEGACY_MPKSL03A95A80\0000
Service: MpKsl03a95a80
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl8434d74b
Device ID: ROOT\LEGACY_MPKSL8434D74B\0000
Manufacturer:
Name: MpKsl8434d74b
PNP Device ID: ROOT\LEGACY_MPKSL8434D74B\0000
Service: MpKsl8434d74b
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl8e912fbb
Device ID: ROOT\LEGACY_MPKSL8E912FBB\0000
Manufacturer:
Name: MpKsl8e912fbb
PNP Device ID: ROOT\LEGACY_MPKSL8E912FBB\0000
Service: MpKsl8e912fbb
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl30523ee8
Device ID: ROOT\LEGACY_MPKSL30523EE8\0000
Manufacturer:
Name: MpKsl30523ee8
PNP Device ID: ROOT\LEGACY_MPKSL30523EE8\0000
Service: MpKsl30523ee8
.
==== System Restore Points ===================
.
RP92: 12/02/2012 11:45:53 ص - Scheduled Checkpoint
RP93: 15/02/2012 09:57:42 م - Windows Update
RP94: 15/02/2012 10:00:08 م - Installed HiJackThis
RP95: 15/02/2012 10:10:16 م - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
???I ?????
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.0
Adobe InDesign CS5
Adobe Media Player
Adobe Photoshop CS2
Adobe Reader X
Adobe Stock Photos 1.0
Any Video Converter 3.2.6
CCleaner
Corel Graphics Suite 11
Driver Genius Professional 11.0.0.1112
HiJackThis
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HUAWEI DataCard Driver 4.20.03.00
Intel® Graphics Media Accelerator Driver
Internet Download Manager
Java Auto Updater
Java™ 7 Update 2
KONICA MINOLTA HDD TWAIN Ver.3
KONICA MINOLTA TWAIN Ver.3
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 10.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenAL
pdfFactory Pro
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Reimage Repair
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
sudani mDSL
SWiSHmax
SWiSHpix
SWiSHstudio
SWiSHvideo
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VBA (2627.01)
VLC media player 1.1.11
Win7codecs
WinRAR 4.10 beta 5 (32-bit)
Zain Connect
.
==== Event Viewer Messages From Past Week ========
.
16/02/2012 12:41:58 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
16/02/2012 11:18:44 ص, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
16/02/2012 10:59:19 ص, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
16/02/2012 10:59:19 ص, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
16/02/2012 10:53:47 ص, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
16/02/2012 10:53:46 ص, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
16/02/2012 10:48:45 م, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
16/02/2012 10:48:45 م, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
16/02/2012 10:48:32 م, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
16/02/2012 10:44:31 م, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
16/02/2012 10:44:31 م, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
16/02/2012 10:44:27 م, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
16/02/2012 10:43:15 ص, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
16/02/2012 10:39:09 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
16/02/2012 04:36:38 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
16/02/2012 04:36:37 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
16/02/2012 04:36:37 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
16/02/2012 04:35:24 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
16/02/2012 04:35:22 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
16/02/2012 04:35:22 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
16/02/2012 04:35:21 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
16/02/2012 04:35:21 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
16/02/2012 04:20:33 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR14.
16/02/2012 04:20:32 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR14.
16/02/2012 04:20:31 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR14.
15/02/2012 12:59:13 م, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.1479.0&asdelta=1.119.1479.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
15/02/2012 12:59:13 م, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.1479.0&asdelta=1.119.1479.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
15/02/2012 12:59:13 م, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.1479.0&asdelta=1.119.1479.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
15/02/2012 12:59:13 م, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.1479.0&asdelta=1.119.1479.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
15/02/2012 12:59:05 م, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
15/02/2012 12:48:44 م, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
15/02/2012 12:48:43 م, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
15/02/2012 12:48:37 م, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
15/02/2012 10:45:29 م, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
15/02/2012 10:45:29 م, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
15/02/2012 10:45:22 م, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
15/02/2012 10:13:46 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
15/02/2012 10:13:45 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
15/02/2012 10:13:37 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
15/02/2012 09:43:00 ص, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.1479.0&asdelta=1.119.1479.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
15/02/2012 09:43:00 ص, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.1479.0&asdelta=1.119.1479.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
15/02/2012 09:43:00 ص, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.1479.0&asdelta=1.119.1479.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
15/02/2012 09:43:00 ص, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.1479.0&asdelta=1.119.1479.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
15/02/2012 09:42:54 ص, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
15/02/2012 09:32:31 ص, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
15/02/2012 09:32:31 ص, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
15/02/2012 09:32:29 ص, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
15/02/2012 09:32:18 ص, Error: EventLog [6008] - The previous system shutdown at 1:10:28 AM on ‎2/‎15/‎2012 was unexpected.
15/02/2012 04:39:07 م, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
15/02/2012 02:27:38 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
15/02/2012 02:02:08 م, Error: bowser [8003] - The master browser has received a server announcement from the computer GAMAL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8A9104EB-DADE-4F5B-9363-1E6503F57. The master browser is stopping or an election is being forced.
15/02/2012 01:00:52 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
14/02/2012 09:49:25 ص, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.1479.0&asdelta=1.119.1479.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
14/02/2012 09:49:25 ص, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.1479.0&asdelta=1.119.1479.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
14/02/2012 09:49:25 ص, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.1479.0&asdelta=1.119.1479.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
14/02/2012 09:49:25 ص, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.1479.0&asdelta=1.119.1479.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
14/02/2012 09:49:17 ص, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
14/02/2012 09:38:52 ص, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
14/02/2012 09:38:52 ص, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
14/02/2012 09:38:50 ص, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
14/02/2012 08:41:29 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR25.
14/02/2012 08:41:28 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR25.
14/02/2012 08:41:28 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR25.
14/02/2012 08:41:27 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR25.
14/02/2012 05:14:18 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
14/02/2012 05:14:17 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
14/02/2012 05:14:16 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
13/02/2012 11:54:52 ص, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
13/02/2012 11:54:51 ص, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
13/02/2012 11:54:50 ص, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
13/02/2012 11:11:06 ص, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
13/02/2012 11:00:40 ص, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
13/02/2012 11:00:40 ص, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
13/02/2012 11:00:38 ص, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
13/02/2012 10:43:56 ص, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
13/02/2012 10:16:50 ص, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
13/02/2012 10:16:50 ص, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
13/02/2012 10:16:49 ص, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
13/02/2012 10:16:49 ص, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
13/02/2012 09:28:23 ص, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
13/02/2012 09:17:59 ص, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
13/02/2012 09:17:59 ص, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
13/02/2012 09:17:56 ص, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
13/02/2012 07:40:01 م, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.1479.0&asdelta=1.119.1479.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
13/02/2012 07:40:01 م, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.1479.0&asdelta=1.119.1479.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
13/02/2012 07:40:01 م, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.1479.0&asdelta=1.119.1479.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
13/02/2012 07:40:01 م, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.1479.0&asdelta=1.119.1479.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
13/02/2012 07:39:53 م, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
13/02/2012 07:29:30 م, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
13/02/2012 07:29:30 م, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
13/02/2012 07:29:28 م, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
13/02/2012 07:29:17 م, Error: EventLog [6008] - The previous system shutdown at 6:50:11 PM on ‎2/‎13/‎2012 was unexpected.
13/02/2012 06:44:01 م, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
13/02/2012 06:44:01 م, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
13/02/2012 06:43:51 م, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
13/02/2012 06:43:37 م, Error: EventLog [6008] - The previous system shutdown at 6:41:16 PM on ‎2/‎13/‎2012 was unexpected.
13/02/2012 06:20:27 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR11.
13/02/2012 06:05:24 م, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
13/02/2012 06:05:22 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
13/02/2012 06:02:46 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR10.
13/02/2012 06:02:46 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR10.
13/02/2012 06:02:45 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR10.
13/02/2012 06:02:45 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR10.
13/02/2012 06:02:08 م, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
13/02/2012 06:01:40 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.
13/02/2012 06:01:39 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.
13/02/2012 06:01:38 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.
13/02/2012 05:25:33 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
13/02/2012 05:25:32 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
13/02/2012 05:25:31 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
13/02/2012 04:03:02 م, Error: bowser [8003] - The master browser has received a server announcement from the computer GAMAL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8A9104EB-DADE-4F5B-9363-1E6503F57. The master browser is stopping or an election is being forced.
12/02/2012 11:00:19 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR24.
12/02/2012 11:00:18 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR24.
12/02/2012 11:00:17 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR24.
12/02/2012 10:57:46 ص, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
12/02/2012 10:57:45 ص, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
12/02/2012 10:57:45 ص, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
12/02/2012 10:57:44 ص, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
12/02/2012 10:48:42 ص, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
12/02/2012 10:48:42 ص, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
12/02/2012 10:40:31 ص, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/02/2012 10:32:42 ص, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/02/2012 10:32:42 ص, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/02/2012 10:32:33 ص, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/02/2012 10:32:33 ص, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/02/2012 10:32:33 ص, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/02/2012 10:32:33 ص, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/02/2012 10:32:33 ص, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/02/2012 10:32:23 ص, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/02/2012 10:32:23 ص, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
12/02/2012 10:30:36 ص, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
12/02/2012 10:28:06 ص, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
12/02/2012 05:36:18 م, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.1. The computer with the IP address 192.168.1.24 did not allow the name to be claimed by this computer.
12/02/2012 04:55:09 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR18.
12/02/2012 04:55:09 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR18.
12/02/2012 04:55:08 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR18.
12/02/2012 04:55:08 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR18.
12/02/2012 04:55:07 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR18.
12/02/2012 03:19:45 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR11.
12/02/2012 03:13:32 م, Error: bowser [8003] - The master browser has received a server announcement from the computer GAMAL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8A9104EB-DADE-4F5B-9363-1E6503F57. The master browser is stopping or an election is being forced.
12/02/2012 02:45:01 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.
12/02/2012 02:45:01 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.
12/02/2012 02:45:00 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.
11/02/2012 10:39:43 ص, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
11/02/2012 10:39:43 ص, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
11/02/2012 10:11:41 ص, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/02/2012 10:01:41 ص, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
11/02/2012 09:49:55 م, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
11/02/2012 09:49:53 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
11/02/2012 06:51:00 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
11/02/2012 06:50:54 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
11/02/2012 06:40:59 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
11/02/2012 06:40:59 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
11/02/2012 05:59:06 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR32.
11/02/2012 05:59:05 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR32.
11/02/2012 05:01:28 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
11/02/2012 03:51:33 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
11/02/2012 03:44:12 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
11/02/2012 03:44:11 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
11/02/2012 03:44:11 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
11/02/2012 03:44:10 م, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
10/02/2012 11:32:47 ص, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/02/2012 11:22:22 ص, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
10/02/2012 11:22:22 ص, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
10/02/2012 11:22:20 ص, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
10/02/2012 10:13:37 م, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/02/2012 10:03:50 م, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
10/02/2012 10:03:33 م, Error: EventLog [6008] - The previous system shutdown at 10:02:24 PM on ‎2/‎10/‎2012 was unexpected.
10/02/2012 07:55:52 م, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
10/02/2012 05:48:26 م, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
10/02/2012 05:48:23 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
10/02/2012 04:32:39 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
10/02/2012 03:55:49 م, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
10/02/2012 03:55:17 م, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
10/02/2012 03:55:15 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
10/02/2012 03:43:55 م, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
09/02/2012 11:16:59 م, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
09/02/2012 10:08:02 ص, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1479.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
09/02/2012 09:56:57 ص, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
09/02/2012 09:56:57 ص, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
09/02/2012 09:56:55 ص, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20
09/02/2012 07:40:47 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
09/02/2012 07:40:47 م, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
09/02/2012 03:26:59 م, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
09/02/2012 01:16:58 م, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
.
==== End Of File ===========================


Regards
Amir

#4 gringo_pr

  • Malware Response Team

Posted 16 February 2012 - 05:59 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 mardoom


Posted 17 February 2012 - 04:46 PM

Hi Gringo
Here is the Log

ComboFix 12-02-17.02 - Artia 02/18/2012 0:19.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.20.1033.18.2039.1286 [GMT 2:00]
Running from: c:\users\Artia\Downloads\Programs\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc64.dll
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
c:\users\Artia\Documents\~WRD0002.tmp
c:\users\Artia\Documents\~WRL0001.tmp
c:\windows\sys32.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-17 22:39 . 2012-02-17 22:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-17 22:12 . 2012-02-17 22:12 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{877177A3-7B67-4AEB-BD12-D1A4B213B2FE}\offreg.dll
2012-02-16 21:24 . 2012-02-16 21:24 -------- d-----w- c:\program files\DDR - Pen Drive Recovery(Demo)
2012-02-16 21:24 . 2010-07-01 01:32 67312 ----a-w- c:\windows\UnDeployV.exe
2012-02-16 21:06 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{877177A3-7B67-4AEB-BD12-D1A4B213B2FE}\mpengine.dll
2012-02-15 20:11 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 20:11 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-15 20:11 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-15 20:11 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-15 20:11 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-15 20:10 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-15 20:10 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-15 20:01 . 2012-02-15 20:01 388096 ----a-r- c:\users\Artia\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-15 20:01 . 2012-02-15 20:01 -------- d-----w- c:\program files\Trend Micro
2012-02-15 19:49 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 19:49 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 19:49 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 19:49 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-12 13:19 . 2012-02-12 13:19 24576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{90FF0115-E261-4DE0-B84F-3E8054C5E887}-HPQUSGL.EXE
2012-02-09 08:01 . 2012-02-09 08:01 -------- d--h--w- c:\windows\PIF
2012-02-02 19:00 . 2012-02-02 19:00 -------- d-----w- c:\program files\Common Files\Java
2012-02-02 19:00 . 2012-02-02 18:59 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-02 19:00 . 2012-02-02 18:59 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-02 18:59 . 2012-02-02 18:59 -------- d-----w- c:\program files\Java
2012-02-02 13:20 . 2012-02-02 13:20 -------- d-----w- C:\بوابة الشروق ترصد المواقف السياسية لأحداث مباراة الأهلي وبورسعيد لحظة بلحظة - بوابة الشروق_files
2012-02-01 19:38 . 2012-02-01 19:38 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-01-26 11:00 . 2012-01-26 11:00 70656 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{DB69CF0B-B4DC-4BB6-9788-870ECBEA41DA}-eapytp.pif
2012-01-26 11:00 . 2012-01-26 11:00 70656 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{B52D554B-C9CC-476D-B087-CFB0B9F856D5}-ghsx.pif
2012-01-26 10:59 . 2012-01-26 10:59 70656 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{CE308CCB-A163-4BB8-86D1-04512371B33B}-eapytp.pif
2012-01-26 10:59 . 2012-01-26 10:59 70656 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{352B43FF-60E0-4424-90A6-8970A24E7B9E}-ghsx.pif
2012-01-26 10:57 . 2012-01-26 10:57 1821008 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6BE7F334-C6CE-4522-8647-41DAE058BA11}-Instmsiw.exe
2012-01-26 10:57 . 2012-01-26 10:57 200704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{B9BF587E-6191-400E-8066-33D32FDB22C1}-Setup.exe
2012-01-26 10:57 . 2012-01-26 10:57 70656 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{7867DC6B-34FA-4351-8F99-14226378C4F5}-eapytp.pif
2012-01-26 10:57 . 2012-01-26 10:57 70656 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{3E4B31F6-DB1C-4C62-8847-DF6DEF624F90}-ghsx.pif
2012-01-25 12:08 . 2012-01-25 12:08 26112 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{1C73337C-8E53-4DA6-B8DC-4D3349A9E984}-GAXEE .EXE
2012-01-25 12:07 . 2012-01-25 12:07 26112 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{3B670AFC-A775-47E3-A2B3-0C36EF2D1A84}-A0003761.EXE
2012-01-25 12:07 . 2012-01-25 12:07 26112 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{528E0AA6-E8A4-4F2D-8F61-40D57040CF00}-GAXEE .EXE
2012-01-22 21:57 . 2012-01-22 21:57 -------- d-----w- C:\New folder (2)
2012-01-20 12:30 . 2012-01-20 12:30 -------- d-----w- c:\users\Artia\AppData\Roaming\Malwarebytes
2012-01-20 12:29 . 2012-01-20 12:29 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 19:38 . 2011-09-18 16:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2009-10-14 09:58 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 04:19 . 2011-09-15 21:58 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-17 14:53 . 2011-11-10 08:56 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 16:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-03-11 3301376]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 11430504]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-12-11 614400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
c:\users\Artia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 22:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
R1 MpKsl03a95a80;MpKsl03a95a80;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63208238-713E-48B1-8EBC-EA55B6E26924}\MpKsl03a95a80.sys [x]
R1 MpKsl30523ee8;MpKsl30523ee8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4A53384-9A94-4BEB-9494-18B385256FFE}\MpKsl30523ee8.sys [x]
R1 MpKsl51e3af43;MpKsl51e3af43;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F584F9B-52F1-404C-9052-9DABD337711A}\MpKsl51e3af43.sys [x]
R1 MpKsl5ed540fb;MpKsl5ed540fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63208238-713E-48B1-8EBC-EA55B6E26924}\MpKsl5ed540fb.sys [x]
R1 MpKsl693869aa;MpKsl693869aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4A53384-9A94-4BEB-9494-18B385256FFE}\MpKsl693869aa.sys [x]
R1 MpKsl761fbc50;MpKsl761fbc50;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63208238-713E-48B1-8EBC-EA55B6E26924}\MpKsl761fbc50.sys [x]
R1 MpKsl812a505d;MpKsl812a505d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F584F9B-52F1-404C-9052-9DABD337711A}\MpKsl812a505d.sys [x]
R1 MpKsl8434d74b;MpKsl8434d74b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4A53384-9A94-4BEB-9494-18B385256FFE}\MpKsl8434d74b.sys [x]
R1 MpKsl8e912fbb;MpKsl8e912fbb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1CCA76D-6671-44A6-AC1E-F67F080F1462}\MpKsl8e912fbb.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-01 253600]
R3 cpuz134;cpuz134;c:\users\Artia\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 208896]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-14 1343400]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-01-25 85768]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-01 19:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\users\Artia\AppData\Roaming\Mozilla\Firefox\Profiles\rqcakms6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-Sys32 - c:\windows\Sys32.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-597993105-3846562757-1954601564-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*, j*p*g*\OpenWithList]
@Class="Shell"
"a"="PhotoViewer.dll"
"MRUList"="ba"
"b"="DllHost.exe"
.
[HKEY_USERS\S-1-5-21-597993105-3846562757-1954601564-1000_Classes\CLSID\{5a45c3c6-8b8b-4aad-901a-81616186763d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-597993105-3846562757-1954601564-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):9a,00,04,c6,af,f4,45,d5,8e,ef,95,44,b5,60,e2,79,71,9b,f2,0b,52,
12,c1,d9,1e,0d,37,ab,7c,2c,35,b6,d0,73,49,04,86,f3,bd,61,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-18 00:42:53
ComboFix-quarantined-files.txt 2012-02-17 22:42
.
Pre-Run: 66,770,460,672 bytes free
Post-Run: 66,357,788,672 bytes free
.
- - End Of File - - 8AB16596601F23616E62DFFE2FA7B331

Regards
Amir

#6 gringo_pr


Posted 17 February 2012 - 09:43 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 mardoom

  • Topic Starter

Posted 19 February 2012 - 11:32 AM

Hi Gringo
Here are the Logs

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-19 18:14:14
-----------------------------
18:14:14.619 OS Version: Windows 6.1.7601 Service Pack 1
18:14:14.619 Number of processors: 2 586 0x40A
18:14:14.627 ComputerName: ARTIA-PC UserName: Artia
18:14:15.737 Initialize success
18:18:08.290 AVAST engine defs: 12021900
18:18:19.857 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
18:18:19.863 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 3
18:18:19.879 Disk 0 MBR read successfully
18:18:19.884 Disk 0 MBR scan
18:18:19.941 Disk 0 Windows 7 default MBR code
18:18:19.946 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 120001 MB offset 63
18:18:20.012 Disk 0 Partition - 00 0F Extended LBA 356928 MB offset 245762370
18:18:20.035 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99998 MB offset 245762433
18:18:20.114 Disk 0 Partition - 00 05 Extended 99998 MB offset 450558990
18:18:20.142 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 99998 MB offset 450559053
18:18:20.232 Disk 0 Partition - 00 05 Extended 156931 MB offset 860152230
18:18:20.270 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 156931 MB offset 655355673
18:18:20.379 Disk 0 scanning sectors +976752000
18:18:20.563 Disk 0 scanning C:\Windows\system32\drivers
18:18:52.827 Service scanning
18:19:21.800 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
18:19:53.096 Modules scanning
18:20:02.768 Disk 0 trace - called modules:
18:20:02.787 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
18:20:02.794 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e46a58]
18:20:02.795 3 CLASSPNP.SYS[8be9259e] -> nt!IofCallDriver -> [0x87d78918]
18:20:02.797 5 ACPI.sys[8b61d3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x87d76908]
18:20:03.318 AVAST engine scan C:\Windows
18:20:05.647 File: C:\Windows\backup.dll **INFECTED** Win32:Malware-gen
18:20:15.786 AVAST engine scan C:\Windows\system32
18:27:36.812 AVAST engine scan C:\Windows\system32\drivers
18:27:59.638 AVAST engine scan C:\Users\Artia
18:29:25.865 Disk 0 MBR has been saved successfully to "C:\Users\Artia\Desktop\MBR.dat"
18:29:26.052 The log file has been saved successfully to "C:\Users\Artia\Desktop\aswMBR.txt"


18:12:21.0658 6472 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
18:12:23.0670 6472 ============================================================
18:12:23.0671 6472 Current date / time: 2012/02/19 18:12:23.0670
18:12:23.0671 6472 SystemInfo:
18:12:23.0671 6472
18:12:23.0671 6472 OS Version: 6.1.7601 ServicePack: 1.0
18:12:23.0671 6472 Product type: Workstation
18:12:23.0671 6472 ComputerName: ARTIA-PC
18:12:23.0672 6472 UserName: Artia
18:12:23.0672 6472 Windows directory: C:\Windows
18:12:23.0672 6472 System windows directory: C:\Windows
18:12:23.0672 6472 Processor architecture: Intel x86
18:12:23.0672 6472 Number of processors: 2
18:12:23.0672 6472 Page size: 0x1000
18:12:23.0672 6472 Boot type: Normal boot
18:12:23.0672 6472 ============================================================
18:12:28.0068 6472 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:12:28.0229 6472 Drive \Device\Harddisk1\DR16 - Size: 0x3AE80000 (0.92 Gb), SectorSize: 0x200, Cylinders: 0x78, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:12:28.0233 6472 \Device\Harddisk0\DR0:
18:12:28.0233 6472 MBR used
18:12:28.0233 6472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEA60903
18:12:28.0250 6472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEA60981, BlocksNum 0xC34F28D
18:12:28.0281 6472 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1ADAFC4D, BlocksNum 0xC34F28D
18:12:28.0318 6472 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x270FEF19, BlocksNum 0x13281E67
18:12:28.0318 6472 \Device\Harddisk1\DR16:
18:12:28.0320 6472 MBR used
18:12:28.0800 6472 Initialize success
18:12:28.0800 6472 ============================================================
18:12:32.0257 6552 ============================================================
18:12:32.0257 6552 Scan started
18:12:32.0257 6552 Mode: Manual;
18:12:32.0257 6552 ============================================================
18:12:49.0111 6552 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:12:49.0116 6552 TsUsbFlt - ok
18:12:49.0135 6552 tsusbhub - ok
18:12:49.0193 6552 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:12:49.0226 6552 tunnel - ok
18:12:49.0260 6552 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:12:49.0266 6552 uagp35 - ok
18:12:49.0303 6552 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:12:49.0310 6552 udfs - ok
18:12:49.0366 6552 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:12:49.0369 6552 uliagpkx - ok
18:12:49.0411 6552 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:12:49.0443 6552 umbus - ok
18:12:49.0482 6552 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:12:49.0485 6552 UmPass - ok
18:12:49.0515 6552 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
18:12:49.0519 6552 usbccgp - ok
18:12:49.0564 6552 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:12:49.0568 6552 usbcir - ok
18:12:49.0602 6552 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
18:12:49.0608 6552 usbehci - ok
18:12:49.0667 6552 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:12:49.0673 6552 usbhub - ok
18:12:49.0699 6552 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
18:12:49.0702 6552 usbohci - ok
18:12:49.0744 6552 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:12:49.0787 6552 usbprint - ok
18:12:49.0890 6552 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:12:49.0925 6552 USBSTOR - ok
18:12:49.0942 6552 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:12:49.0946 6552 usbuhci - ok
18:12:49.0992 6552 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:12:49.0995 6552 vdrvroot - ok
18:12:50.0015 6552 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:12:50.0024 6552 vga - ok
18:12:50.0042 6552 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:12:50.0080 6552 VgaSave - ok
18:12:50.0097 6552 VGPU - ok
18:12:50.0139 6552 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:12:50.0198 6552 vhdmp - ok
18:12:50.0237 6552 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:12:50.0255 6552 viaagp - ok
18:12:50.0276 6552 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:12:50.0293 6552 ViaC7 - ok
18:12:50.0313 6552 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:12:50.0335 6552 viaide - ok
18:12:50.0359 6552 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
18:12:50.0364 6552 vmbus - ok
18:12:50.0384 6552 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
18:12:50.0390 6552 VMBusHID - ok
18:12:50.0411 6552 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:12:50.0415 6552 volmgr - ok
18:12:50.0445 6552 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:12:50.0453 6552 volmgrx - ok
18:12:50.0475 6552 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:12:50.0481 6552 volsnap - ok
18:12:50.0516 6552 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:12:50.0534 6552 vsmraid - ok
18:12:50.0560 6552 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:12:50.0593 6552 vwifibus - ok
18:12:50.0621 6552 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:12:50.0632 6552 WacomPen - ok
18:12:50.0673 6552 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:12:50.0685 6552 WANARP - ok
18:12:50.0692 6552 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:12:50.0694 6552 Wanarpv6 - ok
18:12:50.0745 6552 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:12:50.0749 6552 Wd - ok
18:12:50.0779 6552 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:12:50.0789 6552 Wdf01000 - ok
18:12:50.0868 6552 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:12:50.0891 6552 WfpLwf - ok
18:12:50.0917 6552 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:12:50.0934 6552 WIMMount - ok
18:12:51.0022 6552 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
18:12:51.0025 6552 WinUsb - ok
18:12:51.0084 6552 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:12:51.0086 6552 WmiAcpi - ok
18:12:51.0171 6552 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:12:51.0187 6552 ws2ifsl - ok
18:12:51.0259 6552 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:12:51.0265 6552 WudfPf - ok
18:12:51.0284 6552 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:12:51.0290 6552 WUDFRd - ok
18:12:51.0346 6552 ztemtusbser - ok
18:12:51.0418 6552 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:12:51.0448 6552 \Device\Harddisk0\DR0 - ok
18:12:51.0469 6552 MBR (0x1B8) (0f099e2e7188d21a4d66d745ba92f1d0) \Device\Harddisk1\DR16
18:13:01.0509 6552 \Device\Harddisk1\DR16 - ok
18:13:01.0516 6552 Boot (0x1200) (08c98ea13cb2188295c92fdb0a467fcb) \Device\Harddisk0\DR0\Partition0
18:13:01.0518 6552 \Device\Harddisk0\DR0\Partition0 - ok
18:13:01.0551 6552 Boot (0x1200) (0558df98f7a089c5bd0dca124ff06209) \Device\Harddisk0\DR0\Partition1
18:13:01.0555 6552 \Device\Harddisk0\DR0\Partition1 - ok
18:13:01.0573 6552 Boot (0x1200) (f108f7c5a8316d8dd83036d98c3e7bee) \Device\Harddisk0\DR0\Partition2
18:13:01.0575 6552 \Device\Harddisk0\DR0\Partition2 - ok
18:13:01.0594 6552 Boot (0x1200) (f448b00e73bda5fba024f23c49f88217) \Device\Harddisk0\DR0\Partition3
18:13:01.0595 6552 \Device\Harddisk0\DR0\Partition3 - ok
18:13:01.0596 6552 ============================================================
18:13:01.0597 6552 Scan finished
18:13:01.0597 6552 ============================================================
18:13:01.0625 6544 Detected object count: 0
18:13:01.0626 6544 Actual detected object count: 0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:05 PM

Posted 19 February 2012 - 02:03 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
C:\WINDOWS\backup.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 mardoom

mardoom
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Africa
  • Local time:03:05 PM

Posted 21 February 2012 - 02:32 PM

Hi Gringo

Here is the log

ComboFix 12-02-17.02 - Artia 02/21/2012 20:34:06.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.20.1033.18.2039.1259 [GMT 2:00]
Running from: c:\users\Artia\Desktop\ComboFix.exe
Command switches used :: c:\users\Artia\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\backup.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc64.dll
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Artia\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
c:\windows\backup.dll
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-16 21:24 . 2012-02-16 21:24 -------- d-----w- c:\program files\DDR - Pen Drive Recovery(Demo)
2012-02-16 21:24 . 2010-07-01 01:32 67312 ----a-w- c:\windows\UnDeployV.exe
2012-02-16 21:06 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{877177A3-7B67-4AEB-BD12-D1A4B213B2FE}\mpengine.dll
2012-02-15 20:11 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 20:11 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-15 20:11 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-15 20:11 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-15 20:11 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-15 20:10 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-15 20:10 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-15 20:01 . 2012-02-15 20:01 388096 ----a-r- c:\users\Artia\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-15 20:01 . 2012-02-15 20:01 -------- d-----w- c:\program files\Trend Micro
2012-02-15 19:49 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 19:49 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 19:49 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 19:49 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-12 13:19 . 2012-02-12 13:19 24576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{90FF0115-E261-4DE0-B84F-3E8054C5E887}-HPQUSGL.EXE
2012-02-09 08:01 . 2012-02-09 08:01 -------- d--h--w- c:\windows\PIF
2012-02-02 19:00 . 2012-02-02 19:00 -------- d-----w- c:\program files\Common Files\Java
2012-02-02 19:00 . 2012-02-02 18:59 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-02 19:00 . 2012-02-02 18:59 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-02 18:59 . 2012-02-02 18:59 -------- d-----w- c:\program files\Java
2012-02-02 13:20 . 2012-02-02 13:20 -------- d-----w- C:\بوابة الشروق ترصد المواقف السياسية لأحداث مباراة الأهلي وبورسعيد لحظة بلحظة - بوابة الشروق_files
2012-02-01 19:38 . 2012-02-01 19:38 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-01-26 11:00 . 2012-01-26 11:00 70656 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{DB69CF0B-B4DC-4BB6-9788-870ECBEA41DA}-eapytp.pif
2012-01-26 11:00 . 2012-01-26 11:00 70656 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{B52D554B-C9CC-476D-B087-CFB0B9F856D5}-ghsx.pif
2012-01-26 10:59 . 2012-01-26 10:59 70656 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{CE308CCB-A163-4BB8-86D1-04512371B33B}-eapytp.pif
2012-01-26 10:59 . 2012-01-26 10:59 70656 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{352B43FF-60E0-4424-90A6-8970A24E7B9E}-ghsx.pif
2012-01-26 10:57 . 2012-01-26 10:57 1821008 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6BE7F334-C6CE-4522-8647-41DAE058BA11}-Instmsiw.exe
2012-01-26 10:57 . 2012-01-26 10:57 200704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{B9BF587E-6191-400E-8066-33D32FDB22C1}-Setup.exe
2012-01-26 10:57 . 2012-01-26 10:57 70656 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{7867DC6B-34FA-4351-8F99-14226378C4F5}-eapytp.pif
2012-01-26 10:57 . 2012-01-26 10:57 70656 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{3E4B31F6-DB1C-4C62-8847-DF6DEF624F90}-ghsx.pif
2012-01-25 12:08 . 2012-01-25 12:08 26112 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{1C73337C-8E53-4DA6-B8DC-4D3349A9E984}-GAXEE .EXE
2012-01-25 12:07 . 2012-01-25 12:07 26112 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{3B670AFC-A775-47E3-A2B3-0C36EF2D1A84}-A0003761.EXE
2012-01-25 12:07 . 2012-01-25 12:07 26112 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{528E0AA6-E8A4-4F2D-8F61-40D57040CF00}-GAXEE .EXE
2012-01-22 21:57 . 2012-01-22 21:57 -------- d-----w- C:\New folder (2)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 19:38 . 2011-09-18 16:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2009-10-14 09:58 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 04:19 . 2011-09-15 21:58 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-17 14:53 . 2011-11-10 08:56 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 16:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-03-11 3301376]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 11430504]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-12-11 614400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
c:\users\Artia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 22:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
R1 MpKsl03a95a80;MpKsl03a95a80;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63208238-713E-48B1-8EBC-EA55B6E26924}\MpKsl03a95a80.sys [x]
R1 MpKsl30523ee8;MpKsl30523ee8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4A53384-9A94-4BEB-9494-18B385256FFE}\MpKsl30523ee8.sys [x]
R1 MpKsl51e3af43;MpKsl51e3af43;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F584F9B-52F1-404C-9052-9DABD337711A}\MpKsl51e3af43.sys [x]
R1 MpKsl5ed540fb;MpKsl5ed540fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63208238-713E-48B1-8EBC-EA55B6E26924}\MpKsl5ed540fb.sys [x]
R1 MpKsl693869aa;MpKsl693869aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4A53384-9A94-4BEB-9494-18B385256FFE}\MpKsl693869aa.sys [x]
R1 MpKsl761fbc50;MpKsl761fbc50;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63208238-713E-48B1-8EBC-EA55B6E26924}\MpKsl761fbc50.sys [x]
R1 MpKsl812a505d;MpKsl812a505d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F584F9B-52F1-404C-9052-9DABD337711A}\MpKsl812a505d.sys [x]
R1 MpKsl8434d74b;MpKsl8434d74b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4A53384-9A94-4BEB-9494-18B385256FFE}\MpKsl8434d74b.sys [x]
R1 MpKsl8e912fbb;MpKsl8e912fbb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1CCA76D-6671-44A6-AC1E-F67F080F1462}\MpKsl8e912fbb.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-01 253600]
R3 cpuz134;cpuz134;c:\users\Artia\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 208896]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-14 1343400]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-01-25 85768]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-01 19:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\users\Artia\AppData\Roaming\Mozilla\Firefox\Profiles\rqcakms6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-597993105-3846562757-1954601564-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*, j*p*g*\OpenWithList]
@Class="Shell"
"a"="PhotoViewer.dll"
"MRUList"="ba"
"b"="DllHost.exe"
.
[HKEY_USERS\S-1-5-21-597993105-3846562757-1954601564-1000_Classes\CLSID\{5a45c3c6-8b8b-4aad-901a-81616186763d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-597993105-3846562757-1954601564-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):9a,00,04,c6,af,f4,45,d5,8e,ef,95,44,b5,60,e2,79,71,9b,f2,0b,52,
12,c1,d9,1e,0d,37,ab,7c,2c,35,b6,d0,73,49,04,86,f3,bd,61,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3432)
c:\program files\Corel\Corel Graphics 11\Programs\CdrIco110.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-02-21 20:59:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-21 18:59
ComboFix2.txt 2012-02-17 22:42
.
Pre-Run: 61,796,585,472 bytes free
Post-Run: 61,756,215,296 bytes free
.
- - End Of File - - D154DCE9161FAF6E11400FCBE4FB6C8D

One of the problems is that this PC does not start up. If I hit the start up it closes down, then a black screen appears, then nothing happens. I have to shut it down and start it again. It's still slow.
Regards
amir

#10 gringo_pr

Posted 21 February 2012 - 08:05 PM

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 mardoom

Posted 24 February 2012 - 05:55 AM

Hi Gringo

Sorry, I will send the logs as soon as I can.

Regards
amir

#12 gringo_pr

Posted 24 February 2012 - 07:46 AM

No problem!!

#13 mardoom

Posted 26 February 2012 - 03:23 PM

Hi Gringo

Here are the Logs

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.26.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Artia :: ARTIA-PC [administrator]

26/02/2012 09:44:59 م
mbam-log-2012-02-26 (21-44-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181343
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:14:21 م, on 26/02/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files\Microsoft Security Client\msseces.exe
c:\program files\corel\corel graphics 11\programs\coreldrw.exe
c:\program files\corel\corel graphics 11\programs\coreldrw.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 5226 bytes

PC is a little bit better
Regards
Amir

#14 gringo_pr


Posted 26 February 2012 - 03:31 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) to start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
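An added example, not part of the original posts: one way to parse the O4 autostart lines of a HijackThis log and confirm, from a rescan, that the entries ticked for "Fix Checked" are gone and nothing new has appeared. The function names, the `AFTER` rescan and the `ExampleNewEntry` line are constructed for illustration; the other sample lines follow the format of the log posted above.

```python
import re

# O4 line shapes that appear in this thread's HijackThis log:
#   O4 - HKLM\..\Run: [Name] command      (registry Run/RunOnce value)
#   O4 - Startup: Shortcut.lnk = target   (Startup-folder shortcut)
# A command is a "quoted path" or an unquoted path ending in .exe, then arguments.
REG = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
LNK = re.compile(r"^O4 - (Startup): (.+?) = (.+)$")
CMD = re.compile(r'^(?:"([^"]+)"|(.+?\.exe)(?=\s|$))\s*(.*)$', re.I)

# Constructed sample: four O4 lines in the thread's format, as logged before the fix.
BEFORE = r"""
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""
# Constructed rescan: one ticked entry survived and one hypothetical entry is new.
AFTER = r"""
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
O4 - HKCU\..\Run: [ExampleNewEntry] C:\Users\Example\AppData\Roaming\example.exe /background
"""
TICKED = {"GrooveMonitor", "AdobeBridge", "Adobe Gamma.lnk"}  # names the user ticked


def parse_o4(log_text):
    """Map (location, name) -> {path, args} for each O4 autostart line."""
    entries = {}
    for line in map(str.strip, log_text.splitlines()):
        m = REG.match(line) or LNK.match(line)
        if not m:
            continue  # R0/R1, O2, O23 ... are ignored here
        location, name, command = m.groups()
        cmd = CMD.match(command)
        path, args = (cmd[1] or cmd[2], cmd[3]) if cmd else (command, "")
        entries[(location, name)] = {"path": path, "args": args}
    return entries


def verify_fix(before_log, after_log, ticked):
    """Compare logs taken before and after 'Fix Checked'."""
    before, after = parse_o4(before_log), parse_o4(after_log)
    return {
        "removed": sorted(k for k in before if k not in after),
        "still_present": sorted(k for k in after if k[1] in ticked),
        "new_since_fix": sorted(k for k in after if k not in before),
    }


print(verify_fix(BEFORE, AFTER, TICKED))
```

An entry under `still_present` means the fix did not take or something re-created the value, and anything under `new_since_fix` is an autostart entry to research before the next step.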

#15 mardoom


Posted 28 February 2012 - 02:52 PM

Hi Gringo
Here is the ESET Online Scanner log

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{9FF32A8E-9B1A-4DBF-8E72-134A8EFC6083}-Config.exe.BD877816AF3A805A Win32/AutoRun.LU worm
C:\Qoobox\Quarantine\C\Windows\backup.dll.vir Win32/AutoRun.LU worm
C:\Qoobox\Quarantine\C\Windows\sys32.exe.vir Win32/AutoRun.LU worm
C:\Users\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{9FF32A8E-9B1A-4DBF-8E72-134A8EFC6083}-Config.exe.BD877816AF3A805A Win32/AutoRun.LU worm
C:\Users\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{C15DBAEE-18D0-465C-9D4A-26895EFF7294}-Config.exe.6A2EEB817F947B42 Win32/AutoRun.LU worm
C:\Users\Artia\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
C:\Users\Artia\Downloads\Programs\4media_photo_slideshow_maker.exe probably a variant of Win32/SWInformer.B application
C:\Users\Artia\Downloads\Programs\avc-free.exe Win32/OpenCandy application
C:\Users\Artia\Downloads\Programs\cnet_all-file-to-all-file-converter_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Artia\Downloads\Programs\cnet_videoconverter_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Artia\Downloads\Programs\installer_skype.exe Win32/Toggle application
F:\Config.exe Win32/AutoRun.LU worm
F:\Sources\avconvertor-free.exe Win32/OpenCandy application



